If those Sony cyberattacks bummed you out, the White House wants you to know that it has a proposal to deal with those kinds of security risks in the future. Just one problem: President Barack Obama’s plan is very similar to the Cyber Intelligence and Sharing Act (CISPA) legislation that he previously promised to veto.

Yesterday, the White House published a press release that proposed a number of new measures for protecting public and private entities from cyberthreats. The heart of the plan would have corporations share information about attacks with the U.S. government and its security agencies. This move from the executive branch is widely seen as a response to the Sony Pictures breach, which helped hackers get access to an unprecedented amount of private data from a corporation. But it’s also a response to the distributed denial-of-service (DDoS) attack that brought down the PlayStation Network and Xbox Live gaming services on Christmas Day. While many are looking for the government to take action about online threats, at least one privacy group is worried Obama’s proposal already goes too far.

The administration is proposing a provision “that would allow for the prosecution of the sale of botnets,” which are usually banks of computers that anyone can rent and use for any means they choose. Botnets are crucial to running DDoSes, as we explain in our report on why PSN went down. Obama also wants to “give courts the authority to shut down botnets engaged in DDoS attacks and other criminal activity.”

If those elements of the Obama plan go into effect, law enforcement may have an easier time of shutting down some DDoS barrages. The cyberattack group Lizard Squad, which took credit for the PSN and Xbox Live assaults, is actually selling DDoS as a service now to anyone who has the cash, and these potential laws would help U.S. agencies to go after and prosecute the group for doing that.

But this isn’t the part of the plan that the privacy advocates at the Electronic Frontier Foundation are worrying about. In a statement on its website, the organization made it clear that Obama is using recent headlines to justify security measures that could end up giving the government even more access to private information about individuals.

We contacted the EFF for a comment, and it pointed us to its official statement. We also reached out to Sony and Microsoft, and we’ll update this post with any new information or comments.

“More needs to be done to protect cyberspace and enhance computer security,” reads the EFF statement. “But President Obama’s cybersecurity legislative proposal recycles old ideas that should remain where they’ve been since May 2011: on the shelf.”

The EFF is referring to CISPA, which lawmakers first introduced in 2011 and which was just reintroduced in the House of Representatives last week. In 2013, a version of CISPA passed the House but did not get through the Senate — the reintroduced bill is similar to the 2013 version.

You may remember hearing about CISPA as it inspired a backlash. Many critics viewed the bill as a way to legalize “cyberspying.” It would enable companies to search their data for “threat information.” Companies would then share that data with other security companies as well as the U.S. government, all without a search warrant.

Obama’s measures call for a similar kind of information sharing. While both the administration and the authors of CISPA claim that their respective proposals would remove “unnecessary personal information,” that’s not enough for the EFF.

“Given that the White House rightly criticized CISPA in 2013 for potentially facilitating the unnecessary transfer of personal information to the government or other private sector entities when sending cybersecurity threat data,” reads the EFF statement, “we’re concerned that the administration proposal will unintentionally legitimize the approach taken by these dangerous bills.”

The EFF goes on to claim that both proposals don’t even deal with the “low-hanging fruit” that would shore up security in U.S. networks. This includes using the information sharing hubs that already exist like the Department of Homeland Security’s Enhanced Cybersecurity Services and Information Sharing and Analysis Centers.

“All of these institutions represent robust information sharing hubs that are underutilized and under-resourced,” the EFF statement says.

The privacy organization goes on to say that education of the people running our networks is of grave importance.

“It’s well known that many security breaches are due to employees downloading malware,” the EFF statement continues. “Yet another key solution is to follow basic security precautions. The New York Times reported the JP Morgan hack occurred due to an un-updated server.”

The EFF is saying that common sense is a much better first step than putting in place a mechanism that the government could easily abuse. CISPA even has a clause that would enable the agency to get the protected personal information in certain, undefined circumstances.

So while it was a drag that I couldn’t play Far Cry 4 during the holidays and that internal Sony emails are making headlines, it’s possible that our response to those events could do more harm than good.

CISPA (Cyber Intelligence Sharing & Protection Act)

The Cyber Intelligence Sharing and Protection Act (CISPA) is a bill that attempts to give American companies a greater degree of protection against cyber security threats. It does this by allowing the government to become a “middleman” of sorts by sharing cyber threat data from all the tech/web companies. Some of these companies are already sharing data, which may or may not be against the law, but if CISPA passes they will absolutely be exempt from prosecution.

Why it could be bad: Some of the bill’s stipulations are vague, including those that protect against the government’s interest in personal data and how far companies are allowed to go when grabbing that data. Many people feel there should be safeguards to protect individual privacy rights.

Status: It passed a vote by the House. And the Senate committee in charge of reviewing CISPA’s House bill has vowed not to review it, deciding instead to draft its own cybersecurity legislation. That doesn’t mean CISPA is dead, as VentureBeat previously pointed out. One of those Senate bills could easily morph back into something very similar to the CISPA House bill, only with a different name.

Marketplace Fairness Act (a.k.a. the Internet Sales Tax bill)

The Marketplace Fairness Act is an attempt to give states the authority to force online sellers to collect sales tax from people who buy products or services from them. The bill was named because of its intent to take away Internet retailers’ advantage of not having to charge sales tax on their items — whereas physical stores do have to collect those taxes.

Why it could be bad: Currently, the bill requires any company to collect taxes if it generates more than $1 million in revenue from out-of-state consumers. The problem is, collecting sales tax from 50 states (let alone cities and counties) is a very complicated task and something that small businesses won’t be able to do easily or cheaply — even though this act does have some provisions to simplify the current state of affairs. Bigger online retailers can handle this type of sales tax collection, so it really just gives companies like Amazon another advantage over the smaller, physical retail stores.

Status: The Marketplace Fairness Act passed a vote in the Senate despite lots of pushback from House members who don’t like the bill at all. Of course, this doesn’t mean it won’t pass, but it could at least end up a little watered down. For instance, an amended version may increase the amount of out-of-state revenue a business generates before it has to collect sales tax to $10 million. Another possible amendment could place a stipulation on the number of employees a company has on salary before the Marketplace Fairness Act would apply to them.

DMCA reform (a.k.a. why you can’t legally unlock your smartphone)

The Digital Millennium Copyright Act (DMCA) was originally passed into law in December 1998 to provide media companies with some instruction when it came to licensing content to third-parties. It was later revised, as the Internet became a much bigger force, to give music labels and movie studios some protection against digital piracy. Back then, it sort of made sense, because all media was transitioning into a digital market via consumers faster than copyright holders could adapt to a new business model. DMCA has been effective on some levels because it established a basis for the new frontier of digital copyright law, but it wasn’t able to predict the future — so parts of the law actually hinder innovation and diminish consumer protections to ensure businesses who own those copyrights can make money.

Why it is broken: Today, digital media copyright laws are a total and absolute mess. I could easily fill an entire feature article with specific examples of how DMCA is broken, but I’ll zero in on a single aspect of the law that may actually get reformed in the near future.

The flaw is found in section 1201 of the bill, which treats software as if it were a hit radio single or blockbuster movie.

It prevents consumers in the U.S. from altering the software that comes baked into mobile devices, such as smartphones and tablets, in order to make them work on any wireless carrier. You can buy an iPhone, resell it, or disassemble it for parts, but altering the operating system without permission from the carrier is punishable by up to five years in prison and a hefty $50,000 fine.

ECPA reform (a.k.a. email privacy laws)

The Electronic Communication Privacy Act (ECPA) was created in the 1980s, a decade known for producing legendary musical hits from Phil Collins but not so much for its strides in outlining the fundamentals of email communication. The law was created to make sure authorities had a good reason for investigating any electronic communication. As a result, stored electronic communication was treated like physical property for the most part, meaning a warrant was needed prior to investigating the communication. It also added stipulations for wiretapping telephone calls and other electronic communication as it was being sent. For the ’80s this was perfectly acceptable, but it’s pretty outdated over 30 years later.

Why it’s broken: In the ’80s the “cloud” was still only something you’d see in the sky. Email was only being sent between devices over the Internet and stored on devices (computers) that could be considered personal property. So needless to say, the ECPA has no real specifications for handling privacy protections for electronic communication stored in the cloud, i.e., servers that are not in someone’s personal possession. If you had a basement of mail servers in your house that the government wanted access to, they couldn’t touch it without a warrant. But since Google is holding your data, the ECPA has been interpreted to allow authorities to access it after it’s been stored 180 days, because at that point it’s deemed abandoned. The ECPA also has different regulations for opened and unopened email messages. This law is so outdated that it’s an easy target for reform.

Status: ECPA reform is making some headway already. A revised version of the law introduced by Sen. Patrick Leahy (D-VT), which requires authorities to obtain a warrant before being able to access your email regardless of where or how it’s stored, passed unanimously in the Senate last month. The ECPA reform still needs to get through a House committee and then win a vote on the House floor. There’s no telling how long that might take.

CFAA reform (a.k.a. preventing the next Aaron Swartz tragedy)

The Computer Fraud and Abuse Act (CFAA) is a nasty law that makes it illegal for someone to intentionally access a computer without authorization or to access it at a level beyond the level they have authorization for.

More specifically, CFAA makes hacking illegal. Hacking can run the gamut from the sinister to the benign, yet the CFAA doesn’t distinguish between those instances.

CFAA is mostly a criminal law (meaning harsher punishments) that’s been amended so that it can be tried in civil courts. Yet it still has very harsh punishments. First-time offenders of CFAA face a minimum of five years in prison; and repeat offenders face 10 to 15 years. That’s in addition to hefty fines. Depending on what violation you’re charged with within the CFAA, you could face harsher punishments even for a first-time offense.

Why it’s broken: CFAA is extremely vague when it comes to defining what constitutes “accessing a computer without authorization,” and it’s even more vague about what it means for someone to knowingly exceed their authorization on a computer. It also doesn’t make any distinction based on the motive of the offender, which allows prosecutors to manipulate the final sentence far beyond what’s reasonable or fair.

Tragically, this is exactly what happened to 26-year-old Internet activist Aaron Swartz, who faced charges for downloading about 20 million academic documents from PACER in 2008, and again years later for downloading and distributing another 5 million academic documents from for-fee database JSTOR. The second violation alone landed Swartz 13 felony counts. In the aftermath of the prosecution activity, Swartz took his own life — with many saying the overly harsh CFAA charges were a main contributor to his suicide. Swartz wasn’t hacking nuclear missile guidance computer systems, he was making scientific research available to those who would use and learn from it.

Status: There have been several attempts to introduce new legislation that would reform CFAA, but nothing has gained significant traction. Earlier this year, Rep. Zoe Lofgren (D-Calif.) introduced a bill, Aaron’s Law, that would have limited the number of charges brought against someone under CFAA. And in March, a reformed version of CFAA that took a harsher stance against hacking crimes got a cold reception when it was introduced in the House. This is a tech policy issue people want to see fixed not just because it’s broken, but also to honor Swartz’s memory by preventing the same thing from happening to others in the future.

Most people don’t realize it, but you can’t actually just decide to create your own line of automobiles and sell them like you would any other product. This seems to be especially true for electric car manufacturer Tesla and its real-life-Tony Stark founder, Elon Musk. Car dealership groups in all 50 states are throwing hissy fits because Tesla wants to allow people to come to its physical retail stores, buy a Model S roadster that day, and have it delivered right to their homes. The auto dealers don’t like Tesla’s model because it cuts out the need for car dealerships entirely. At the very least, Musk’s approach hints that having a two-acre lot with tons of unsold, expensive vehicles might not be the best way to sell cars.

There isn’t a single law governing car sales, but rather a group of state laws with their own guidelines and regulations for selling automobiles. They’re complicated. They’re also very deeply entrenched.

Why these laws are broken: Currently, you can’t buy a Tesla car in many states, such as Virginia or Texas. A potential Tesla customer has to go home to both order and pay for the car online via Tesla’s website. In some cases, the car has to come from California to comply with state laws on dealerships. That’s a tad ridiculous, especially considering the benefits an electric car revolution could have on the economy and the environment. This is a broken law that’s being upheld because auto dealers are worried that without auto dealer regulations, their jobs will be on the line. (I’m all for saving jobs, but not at the expense of innovation that promotes cleaner energy usage and inches us closer to Knight Rider becoming a reality.)

Status: Tesla could seek help from federal courts for a decision that would allow it to operate regardless of state regulations. It recently won a small victory in Texas, which will now allow the company to sell cars directly from its retail stores, but only for the first few thousand vehicles. After that, Tesla will need to be approved for a dealer’s license, which has some pretty unreasonable requirements given the company’s business strategy of cutting out the whole dealership process to begin with.

Failing a federal court ruling, Tesla could lobby Congress for its own legislation, allowing it to supersede state automotive dealership laws.

Senate approval on the House’s controversial cybersecurity bill CISPA seems unlikely

http://venturebeat.com/2013/04/25/senate-approval-on-the-houses-bad-cybersecurity-bill-cispa-seems-unlikely/

Thu, 25 Apr 2013 21:02:39 +0000

The Cyber Intelligence Sharing and Protection Act (CISPA) is likely to fail if it goes to a vote on the Senate floor, according to comments made today by Sen. Jay Rockefeller (D-W.Va.), the chairman of the committee on commerce, science and transportation.

CISPA is a bill that would enable major companies to share cyberthreat data with the government (and each other) to prevent attacks on their networks. Many critics have spoken out against CISPA because it doesn’t specify what information can be shared and what it will be used for beyond preventing cyberattacks. CISPA passed a vote in the House last week despite threats of a presidential veto.

“We’re not taking [CISPA] up,” Rockefeller told U.S. News. “Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we’re going to strengthen cybersecurity. They’ll be drafting separate bills.”

CISPA isn’t technically dead, because the Senate hasn’t brought the bill to a vote. And even though there’s promise of carving CISPA’s various cybersecurity issues into separate bills, it could easily morph into something that’s very much like the original piece of legislation that was passed by the House.

The U.S. House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA) today after spending two days amending and debating it.

CISPA intends to open up the lines of communication between the private and government sectors to share information about breaches on private companies’ computer systems and other security problems. Many privacy and advocacy groups, however, have opposed the bill saying it doesn’t protect personal information.

The bill will now head to the Senate for its approval. If approved, it will go on to the White House, where President Barack Obama has already expressed grave concerns over the bill. Prior to the two days of amendment approvals CISPA faced, the White House threatened to veto the bill if it arrived on Obama’s desk in its current state. It is unclear whether the White House stands by this comment now that a few amendments have passed.

“Now that CISPA has passed the House, the real battle will be in the Senate. I think we’ve got a stronger position in the Senate to defend online privacy, but there’s a lot of political will to move cybersecurity legislation this year,” said Electronic Frontier Foundation Activism Director Rainey Reitman in an email to VentureBeat. “We also have enough time now for concerned citizens to actually reach out to staffers and set up meetings with Senate offices, either in DC or when they next visit their home districts. Every letter, phone call, and meeting makes a difference.”

But some legislators are still unconvinced. Minority Leader Rep. Nancy Pelosi (D-Calif.) expressed her worry on the House floor today, saying the bill still doesn’t meet the standards that uphold Americans’ civil liberties and gives companies too much immunity when providing attack information.

“They can just ship the whole kit and caboodle, and we are saying minimize what is relevant to our national security,” said Pelosi before the vote today. “The rest is none of the government’s business.”

Pelosi went on to say that the bill doesn’t touch on what she called the nation’s biggest cybersecurity issue: our infrastructure. The Rules Committee, which determines what jurisdictions you can and cannot touch in your bill, could have come together with the Homeland Security committee to allow CISPA’s writers to include infrastructure needs, according to Pelosi. But that didn’t happen.

“It’s just that curtail balance between security and liberty that I do not think has been struck in that bill. So for my own part, it will not have my support,” she concluded.

A second representative, Ed Perlmutter (D-Colo.) introduced a last-minute, slightly off-topic amendment that dictates government can never create an Internet firewall similar to China’s that disrupts the public’s access to the Internet. The amendment also made asking prospective employees for social media passwords during the interview process illegal. The amendment was not passed.

While the House of Representatives debated the controversial Cyber Intelligence Sharing and Protection Act (CISPA) today, one of the bill’s authors claimed that they have not found any U.S. companies who oppose CISPA.

I suppose no one there has heard of Reddit.

“Well, after falsely dismissing us as ‘14-year-old tweeters in basements’ — it doesn’t surprise me that [Rep. Mike Rogers (R-Mich.)] would have the audacity to make another false claim when a U.S. company like Reddit has opposed CISPA from the start in order to protect the privacy rights of its 64 million monthly users,” said Reddit cofounder Alexis Ohanian in an e-mail to VentureBeat today.

Rogers said on the House floor that “we have yet to find a single U.S. company that opposes this bill” after explaining that those behind CISPA have spoken with privacy groups, technology companies in Silicon Valley, financial institutions, and others regarding its content. He went on to name IBM, Intel, Juniper, Oracle, and EMC, as supporters of the bill.

“Rep. Rogers apparently hasn’t been looking very hard,” said Dave Maass, a spokesperson for privacy group the Electronic Frontier Foundation in an email to VentureBeat. “If he checked his Twitter account, he’d see that Craigslist, Reddit, Namecheap, Mozilla, and Automattic are all opposed to CISPA. Rep. Jared Polis perhaps put it best when he said that CISPA will shake the confidence of Internet users and without that trust, all Internet companies will suffer.”

CISPA’s intent is to help private companies share cyber-security event information with the government. The bill’s authors say that the military will by no means control the information that comes through CISPA’s channels. They also stress that the only information coming through is “1s and 0s” and that if any personal information slips through it will be “knocked out,” in the words of Rep. Dutch Ruppersberger (D-Md.).

Privacy groups and companies such as the one above oppose CISPA, however, saying that the bill uses too broad of language and poses a threat to individual privacy. Yesterday, the White House said it would veto the bill in its current state, fearing that companies would be given too much leeway in sharing private information and should be held accountable for the information it hands over.

“It’s sad, because Michigan’s 8th District deserves a rep who won’t sacrifice liberty for perceived security,” said Ohanian.

White House says it would veto CISPA as it is

http://venturebeat.com/2013/04/16/cispa-white-house/

Tue, 16 Apr 2013 22:26:58 +0000

Looks like CISPA, which was recently voted through committee, may have to go back to the drawing room floor as the White House threatens to veto it.

“The Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill,” the White House said in a statement today.

The Cyber Intelligence Sharing and Protection Act was recently voted through the House Intelligence Committee, bringing it one step closer to the president’s desk. The House is slated to vote on the bill tomorrow, causing activist groups to call for people to tweet their representatives and make noise about the proposed legislation. It seems the White House has the loudest voice today.

If passed, CISPA would head to the Senate next.

The Obama administration has already once turned down the bill, saying it needs amendments before it can be made into law. Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) made a few amendments to the bill, including the removal of language that says the information collected through CISPA could be used for “national security” purposes.

The White House says that it’s still looking for more amendments and “should adhere to the following priorities”:

Carefully safeguard privacy and civil liberties

Preserve the long-standing, respective roles and missions of civilian and intelligence agencies

Provide for appropriate sharing with targeted liability protections

The statement goes on to say that people shouldn’t have to fear companies having “immunity” if they share information that puts people’s civil rights in harm’s way.

“Citizens have a right to know that corporations will be held accountable – and not granted immunity – for failing to safeguard personal information adequately,” said the White House. “Specifically, even if there is no clear intent to do harm, the law should not immunize a failure to take reasonable measures, such as the sharing of information, to prevent harm when and if the entity knows that such inaction will cause damage or otherwise injure or endanger other entities or individuals.”

CISPA bill headed to House vote next week

http://venturebeat.com/2013/04/10/cispa-voted-house/

Thu, 11 Apr 2013 00:47:37 +0000

A criticized cyber-security bill that hopes to improve information sharing between the private and public sectors was voted through by the House Intelligence Committee today.

CISPA, a cyber-security bill widely contested by advocacy groups, passed the House Intelligence Committee today and will be voted on by the House of Representatives next week.

CISPA was originally shot down by the Obama administration, but has come back with a number of amendments. It focuses on information sharing — a barrier between the private and government sectors that is, in many people’s minds, stunting cyber security growth. CISPA would allow private companies to quietly disclose attacks on their systems to government agencies.

Privacy groups are concerned that this information sharing might include customer and user information and might overstep the current privacy regulations we have in place. The bill’s creators, Representative Mike Rogers (R-Mich.) and Representative Dutch Ruppersberger (D-Md.), say this isn’t the case, and they’ve made amendments stating that data must be stripped of personal information.

The Electronic Frontier Foundation and the American Civil Liberties Union took to Reddit recently to express concern about CISPA and rally people to contact their congressmen. The two held an “Ask Me Anything” session where people could pose any questions about the bill to be answered by lawyers and activists with either group.

“The most effective way to express dissent is a combination of contacting those in power and then being LOUD,” said Adi Kamdar, activist with the EFF during the AMA. “The next step — and perhaps the more important step — is for you to spread the word about CISPA and its huge concerns. Tweet about it, post about it on Facebook, yell it from the rooftops (safely). The bill is being marked up and voted on these next few weeks. People need to learn about CISPA’s dangers and take action today.”

On a lighter note, if you need a refresher on how bill-voting works, you should probably watch this:

Boneheaded congressman brags about getting money for supporting CISPA

http://venturebeat.com/2013/03/23/boneheaded-congressman-brags-about-getting-money-for-supporting-cispa/

Sat, 23 Mar 2013 21:10:33 +0000

As a member of congress, it’s one thing to support a bad piece of tech policy because you don’t fully understand the Internet but it’s quite another when you brag about all the money you’re making on the side from that position.

That’s what happened yesterday when Rep. Mike Rogers (R-MI) tweeted about how pro-CISPA organizations donate much more money than those that don’t support the bill.

Rogers initially tweeted a link to an article (screenshot shown above) that outlined the collective contributions that pro-CISPA organizations donated to House members. The pro-CISPA groups, such as AT&T, IBM, U.S. Chamber of Commerce, and Comcast, gave upwards of $55 million to congressional members, where anti-CISPA groups have only given about $4 million, according to political finance activist group MapLight. Basically, this is the kind of information that should send up all sorts of red flags — since many of these companies that support CISPA stand to benefit financially in one way or another if it passes.

The tweet in question has since been deleted by Rogers. And since then the congressman (or one of his aides) has tweeted statements that attempt to further explain what CISPA does and doesn’t do. But without any evidence attached to those statements, it’s pretty much a matter of how you interpret the language written in the bill.

CISPA is currently being held up for review in a house committee, and is expected to head to the floor for a vote in the near future.

Not content to wait on congress, President Obama signs cyber security executive order

http://venturebeat.com/2013/02/12/obama-cyber-security-executive-order/

Wed, 13 Feb 2013 04:32:54 +0000

While congress has yet to reach any sort of lasting solution regarding the nation’s growing cyber security problems, President Barack Obama has decidedly taken the first big step in an executive order signed earlier today.

The executive order charges the National Institute of Standards and Technology with the responsibility of creating cyber security standards for organizations and industries that are of great importance to the country, such as transportation, utilities (water and electric), and healthcare. The Department of Homeland Security will then work with businesses and industry groups on a voluntary basis to ensure that the standards are being met properly, as well as come up with incentives to get more organizations/businesses on board.

The executive order would also create a new initiative for businesses to share their cyber security data with a centralized organization that could make sense of it, and allow security experts to advise on how to prevent future attacks.

Right now the biggest deterrent in getting businesses and other organizations to get on some kind of standard cyber security plan is that most don’t want to be held liable for security breaches due to failure of these self-imposed regulations. However, if congress passes new legislation regarding cyber security standards, that could change.

Last year the House passed legislation called CISPA, or the Cyber Intelligence Sharing and Protection Act, which would have addressed many of the concerns businesses and other organizations had about cyber security standards. The bill sought to give American companies more legal breathing room (protection against lawsuits) when collecting and sharing consumer/user data for the purpose of preventing massive Internet security threats. However, CISPA had few guarantees that it wouldn’t grossly violate an individual’s privacy rights, and initially faced a presidential veto threat. The White House eventually put a stamp of approval on a revised version of the bill, which failed a vote in the Senate.

This is an issue that President Obama clearly understands is important (having highlighted it specifically in tonight’s State of the Union address), and his executive order essentially lays the groundwork for the CISPA bill to pass, should that happen.

You can read the full text of the cyber security executive order in the document embedded below.

Bad cyber security bill CISPA heading back to the House

Rumors of CISPA’s demise were apparently greatly exaggerated, according to various privacy rights advocates and organizations today.

CISPA, or the Cyber Intelligence Sharing and Protection Act, initially sought to give American companies more legal breathing room (protection against lawsuits) when collecting and sharing consumer/user data for the purpose of preventing massive Internet security threats. It passed a House vote with few guarantees that it wouldn’t grossly violate a person’s privacy rights (even in the face of a presidential veto threat). The White House eventually put a stamp of approval on the bill, pending certain amendments. But the Senate vote failed, and the president resorted to other methods for the time being.

The recently “deceased” bill, however, is scheduled for a new vote. House Intelligence Committee Chairman Mike Rogers (R-MI) and fellow congressman Dutch Ruppersberger (D-MD) will reintroduce CISPA this Wednesday, which should bear a striking resemblance to last year’s bill and not the amended version that failed to gain even a senate vote of approval.

So, what can you do to thwart (or at the very least stay informed about) CISPA this time around? Well, non-profit privacy awareness group Fight for the Future has created a webpage listing all the contact information for each congressperson that co-signed the last version of the bill, a list of companies that support the new CISPA, and other important facts.

The group also produced the infographic embedded below which contains a condensed explanation of what CISPA is trying to make legal.

Convoluted Cybersecurity Act gets voted down in the Senate
http://venturebeat.com/2012/08/02/senate-cybersecurity-act-fails/
Thu, 02 Aug 2012 20:43:15 +0000

The Lieberman-Collins Cyber Security Act was defeated in the Senate today by a vote of 52-46 — four senators shy of its requirement to move forward.

The Senate bill was a response to the House’s Cyber Intelligence Security Protection Act (CISPA), which sought to give American companies more legal breathing room when collecting and sharing consumer/user data in the scope of Internet security threats. The Republican-led House passed CISPA back in April, despite lots of backlash from Internet users, special interest groups, and even rumblings of a presidential veto. Critics said CISPA sacrificed a person’s privacy rights and had the potential to censor free speech without public knowledge — among other things.

The Cyber Security Act, by contrast, wanted to address all of these problems through various amendments, in part by requiring authorities to obtain a warrant for personal online data when charging a person with a crime. More than 200 amendments were filed to change the bill, which invited lots of debate on both sides of the aisle.

The Senate bill, which was led by Senate Democrats, also put much more emphasis on protecting the country’s financial system and electric grid from malicious activity by hackers, and included amendments to other privacy laws that are vague regarding online activity. Republicans said the bill raised too many questions to gain approval.

The failed vote means Congress won’t address the issue of cybersecurity until at least 2013, according to The Hill.

Senate amendment could finally bring Netflix into Facebook Timeline
http://venturebeat.com/2012/07/28/senate-netflix-facebook/
Sat, 28 Jul 2012 11:00:41 +0000

The senate is expected to vote on an amendment next week that would allow video rental services like Netflix to take advantage of deeper integration with social networks like Facebook.

Despite being the country’s largest streaming movie service, Netflix is noticeably absent from Facebook’s Timeline feature due to a 1988 law that forbids video rental services from sharing a customer’s rental history. The law, the Video Privacy Protection Act (VPPA), was initially created for the purpose of concealing physical media rentals, but congress has refused to say if digital video rentals also fall under the law’s jurisdiction.

As a cautionary measure, Netflix, which offers both physical and streaming rental services, has operated as if the VPPA did apply to digital media. This is why services like Hulu feature deep Facebook integration, while Netflix does not. In February, the company also decided to play it safe by settling a class action suit related to violating the VPPA, as VentureBeat previously reported. The settlement cost the company $9 million, and made it agree to delete all rental history data from a customer a year after they formally cancel their subscription.

Being able to utilize Facebook is something that Netflix desperately wants for its U.S. service. Several media services — including Spotify, Ustream, Viddy, and others — that previously integrated with Facebook’s Timeline have experienced huge traffic and subscriber growth. Facebook integration has also helped grow Netflix service in international markets, the company stated in its Q2 2012 earnings report.

But despite its setbacks, Netflix is taking steps to persuade congress to change the VPPA law.

In April, Netflix formed its own Political Action Committee (PAC) called FLIXPAC to help rally congress on issues important to its business (like a VPPA amendment). The company has spent a total of $395,000 this year on lobbying efforts, according to political news site The Hill. Also, the House passed legislation in December 2011 that would give Netflix permission to share data via Facebook with a subscriber’s consent.

The amendment, which Sen. Patrick Leahy (D-Vt.) drafted, could be voted on next week as part of another cyber security bill. Leahy’s involvement is particularly interesting because he previously wasn’t keen on allowing rental data to be shared in any form. During a senate hearing in February, Leahy even described the aforementioned House bill as “dominant corporate interests (enticing) a check off in order to receive what may seem like a fun new app or service.”

Leahy’s change of heart could have something to do with senate democrats trying to gain support for an amended version of the Lieberman-Collins Cyber Security Act (aka the senate version of CISPA), which the senate is also expected to vote on next week.

Big Brother is watching botnets: White House rolls out initiative to fight viruses
http://venturebeat.com/2012/05/30/white-house-botnet-initiative/
Thu, 31 May 2012 03:15:11 +0000

Following a number of large botnet attacks on major corporations last year, the Obama administration announced a voluntary, industry-wide plan to combat botnets based on a set of developed principles by the Industry Botnet Group (IBG) and nine other private groups. The White House also revealed its development of a consumer-education campaign intended to teach the public about computer viruses.

If you’re unfamiliar with the term “botnet,” then perhaps your computer wasn’t one of the 5 million systems infected worldwide between January and March of this year. Botnets are collections of infected computers used maliciously to create spam, flood traffic to websites and even steal private information.

In an earlier story from VentureBeat, it was reported that the United States fell into the “top five vulnerable countries with 19.32 percent of computers at risk.” Bottom line: it isn’t always in your best interest to click on every link someone sends you.

“The issue of botnets is larger than any one industry or country,” Howard Schmidt, the White House cybersecurity coordinator, said in an e-mailed statement. “This is why partnership is so important.”

According to Schmidt, the voluntary principles announced are intended for partnership with the government in regards to malware, while working together to confront cyberattacks globally.

“IBG has also developed a framework for shared responsibility across the botnet mitigation lifecycle from prevention to recovery that reflects the need for ongoing education efforts, innovative technologies, and a feedback loop throughout all phases,” IBG said on their website.

In all of this, the Cyber Intelligence Sharing and Protection Act (CISPA) that was passed by the House in April — an act that would allow the government and other companies to voluntarily share information on cyber threats — was opposed by President Obama due to his belief the act would invade the public’s Fourth Amendment rights.

Senator Joe Lieberman recently created a bill (S. 2105) that would put the Department of Homeland Security in the front lines of regulating cybersecurity through transportation networks and power grids. The bill has yet to move to the Senate floor.

Reddit’s Alexis Ohanian won’t invest in Facebook because of its CISPA support
http://venturebeat.com/2012/05/07/reddit-alexis-ohanian-no-facebook-investment/
Mon, 07 May 2012 20:10:23 +0000

Facebook is just now kicking off a roadshow meant to drum up interest in its forthcoming initial public offering, which is estimated to bring the social media giant between $9.4 billion and $11.8 billion. However, there is at least one high-profile person in the tech world who isn’t impressed: Reddit co-founder Alexis Ohanian.

In an interview with CNN today, Ohanian (pictured above) said he was holding off on any investment in Facebook due to its support of cyber security bill CISPA, although he noted that he definitely “understand(s) the business value of what Facebook is doing.”

“We’ve never seen a company like this before, ever. It knows things about our private lives that no one else does, and one of the big issues a lot of us in the tech community has had with Facebook of late, has been their support of bills like CISPA,” Ohanian said. He added that CISPA will make it very easy for a company like Facebook to hand over that private information to the government without any due process.

“So, that’s why I’m going to be holding off,” he said.

CISPA, or the Cyber Intelligence Sharing and Protection Act, seeks to give American companies more legal breathing room when collecting and sharing consumer data while defending against Internet security threats. Essentially, the bill’s goal is to encourage companies to share information with the government that may help it fight and prevent cyber security attacks. But the language in the bill is far too vague when it comes to distinguishing how the government can use that information, leading critics to brand it as “evil.” The bill also doesn’t provide an adequate description of what’s considered a “security threat.”

Despite those aforementioned issues, CISPA passed in the House last week with amendments that make the bill even more vague. Facebook has also stood firm on its stance of support for CISPA, despite the bill’s amendments.

Ohanian isn’t the only person who’s not happy about CISPA or Facebook’s support of it. The site he helped start, Reddit, is also trying to help educate the masses about CISPA.

Reddit on CISPA: “People just want to know we give a shit”
http://venturebeat.com/2012/05/04/reddit-cispa-stance/
Fri, 04 May 2012 22:24:44 +0000

As one of the more prominent and vocal opponents of anti-piracy legislation SOPA, social news site Reddit has positioned itself as an organization that deeply cares about tech policy. But sometimes that can work against it.

For instance, last weekend the site’s users started organizing an elaborate Reddit-boycott due to unhappiness over the lack of attention Reddit management had given to the hotly debated cyber security bill CISPA.

CISPA, or the Cyber Intelligence Sharing and Protection Act, seeks to give American companies more legal breathing room when collecting and sharing consumer/user data in the scope of Internet security threats. Essentially, the bill’s goal is to encourage companies to share information with the government that may help it fight and prevent cyber security attacks. But the language in the bill is far too vague when it comes to distinguishing how the government can use that information, leading critics to brand it as pure and unadulterated evil. The bill also doesn’t provide an adequate description of what’s considered a “security threat”.

The user uproar was undoubtedly fueled in part by the House’s rushed vote of approval for CISPA last week, which actually contained amendments that make the bill even more vague and degrading to privacy protections. This contradicts most of the prior speculation that the bill would get better prior to going to a vote. And while Reddit eventually did respond to the community, it’s still planning to boost the discussion about CISPA in the coming weeks.

Earlier this week, Reddit General Manager Erik Martin spoke with VentureBeat about the company’s stance on CISPA, and how its strategy for handling CISPA stops just short of activism.

VentureBeat: So I saw the initial uproar by users that called for a strategic boycott of Reddit, which was just like you’d expect from redditors: detailed and multi-tiered. I also saw the follow-up. Have you guys made any progress toward helping Reddit users fight CISPA?

Erik Martin: Right now we’re working on getting as many experts as possible to interact directly with the Reddit community. So, hopefully there will be a lot of informative IAMAs and similar discussions this week, involving experts and stakeholders across the board.

VentureBeat: As for the uproar from users, do you think the timing of the bill passing caught you guys off guard? I know it went from a “bad bill” to a “truly awful bill” in a very short amount of time.

Martin: Yes, we’re not experts or super dialed in to the process. So, we were hearing the revisions and amendments were going to improve the bill, not make it worse.

VentureBeat: I think a lot of people did, at least heading into the weekend. Do you think the update/response to the Reddit boycott was enough to let users know you’re paying attention?

Martin: I think people just want to be sure we give a shit. But just like with SOPA, our role is to facilitate … help the community discuss the issues and collectively explore what to do about it. (For example), we directed people to discuss tactics at http://reddit.com/r/SOPA, but we did not originate or promote any of the specific ideas, like the Godaddy boycott. We’re going to try to do an even better job of that this time (with CISPA). Hopefully the experience of SOPA showed everyone across the board how important it is to communicate directly with the internet communities. So, I’m optimistic.

VentureBeat: With legislation like this (CISPA, SOPA/PIPA, ACTA), is it important for Reddit’s management to draw a distinction between promoting discussion and activism?

Martin: Yes, it is important, but it’s more complicated since Reddit is both a company and a community. I think it’s a fairly new position. We’re not interested in activism, but there are times when we can help make sure the community’s voice is heard. And Reddit is built upon having a free and open internet … we’re open source, don’t require user info, user curated etc. So, anything that might threaten a free and open internet impacts both the community and the company.

VentureBeat: Is there a blackout day for CISPA further down the road if needed?

Martin: No blackout plans, but who knows.

VentureBeat: I’m assuming you’re among the majority of people at this point who hasn’t been able to dig through all the amendments that make CISPA dangerous. Once the week(s) of IAMA experts have explained the situation, will you guys gather all that information and form an official company stance on the bill?

Martin: Not only CISPA, but also the cyber security bills in the senate — there are like four bills, too.

VentureBeat: In the spirit of healthy discussion, are you guys seeking out an expert that’s for CISPA (and related bills in the senate)?

Martin: Absolutely. And (there are) some good signs that we’ll be able to make that happen. I would love a co-sponsor or the appropriate staffer to discuss and answer questions about the bills on Reddit.

House passes CISPA despite veto threats and a sea of angry Internet protesters
http://venturebeat.com/2012/04/26/house-passes-cispa-despite-veto-threats-and-a-sea-of-angry-internet-protesters/
Thu, 26 Apr 2012 23:55:37 +0000

The U.S. House of Representatives has passed a hotly protested cyber security bill, CISPA, with a vote of 248 to 168 this afternoon.

CISPA, or the Cyber Intelligence Sharing and Protection Act, seeks to give American companies more legal breathing room when collecting and sharing consumer/user data in the scope of Internet security threats. Essentially, the bill’s goal is to encourage companies to share information with the government that may help it fight and prevent cyber security attacks. Currently, most businesses are hesitant to share such precious information with third parties for fear of violating antitrust laws.

House Republicans brought the bill to a vote despite the threat of a veto recommendation by President Barack Obama’s advisers if certain amendments were not made prior to it passing. Some of those amendments did make it into the bill before going to vote, including more stringent privacy protection measures and additional restrictions on how a person’s private data can be used. However, I highly doubt CISPA is now completely devoid of vague language and over-broad descriptions for determining what is a security threat.

While CISPA only intends to thwart security threats, many believe it could end up paving the way for large companies (as well as the government) to begin policing the internet. Critics also point out that companies may begin creating extensive user databases, intercepting or modifying communications under the guise of security, and blindly complying with government requests for private user information.

“The bill has three critical civil liberties problems, and we have worked with Members of Congress, Internet users, advocacy groups, and industry to address them,” the organization wrote in a statement today. “The first is that CISPA permits unfettered sharing of private communication with the government; second, it permits that sharing to go to any agency including the super-secret NSA; and third, it permits the government to use this information for purposes wholly unrelated to cybersecurity.”

White House advisers threaten a veto for CISPA, the controversial cyber security bill
http://venturebeat.com/2012/04/26/cispa-president-veto-threat/
Thu, 26 Apr 2012 16:34:17 +0000

White House advisers yesterday said they’ll recommend that President Barack Obama veto the controversial cyber security bill CISPA if it passes a congressional vote in its current form.

CISPA, or the Cyber Intelligence Sharing and Protection Act (PDF), intends to grant companies more leeway when it comes to collecting and sharing data about their consumers (or users, in the case of social networks) — specifically, data regarding security threats. Essentially, the bill’s goal is to enable companies to share this type of information with the government to help fight and prevent cyber security attacks. Currently, most businesses are hesitant to share such precious information with third parties for fear of violating antitrust laws. The bill has public support from several big tech and communications companies, including Facebook, AT&T, Microsoft, Verizon, IBM, Intel, and over 25 others.

CISPA also has broad support from over 100 House co-sponsors from both sides of the aisle, with House Republicans preparing to send it to the floor very soon.

In the policy statement, the president’s advisers are asking House members for significant changes to the proposed bill before they’ll change their mind about recommending a veto. Specifically, they want to see greater privacy protections, more stipulations to protect an individual’s personal information, and a revision to the bill’s liability protection language.

The advisers believed the current version of CISPA would permit “broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information,” writes the administration in the policy statement. “Moreover, such sharing should be accomplished in a way that permits appropriate sharing within the government without undue restrictions imposed by private sector companies that share information.”

CISPA’s main sponsor Rep. Mike Rogers (R-Mich.) said he’s confident that the advisers’ amendment requests can be satisfied, reports Politico. He also added that if he can get the bill in front of the president, House members will be able to answer any questions well enough to get it signed into law.

The House is expected to vote on the bill before the end of the week. A senate version of CISPA could see a vote as soon as next month, co-sponsor of the bill Sen. Joe Lieberman (I-Conn.) told Politico.

Mr. Page goes to Washington: Google lobbying tripled in Q1
http://venturebeat.com/2012/04/23/google-lobbying-triples-q1/
Mon, 23 Apr 2012 22:33:52 +0000

If its lobbying spend is any indication, Google is trying to woo the government. The search giant spent triple what it did a year ago on lobbying efforts in Washington, according to The Hill.

Google’s spending in Washington, D.C. has increased as government agencies continue to scrutinize the company’s data privacy practices. Just last week, […]

The company’s main concerns in D.C. have been privacy legislation, including rules on online tracking, and cyber security legislation, including the controversial Cyber Intelligence Sharing and Protection Act (CISPA) bill. CISPA could enable companies to share private user information with the government to help it fight and prevent cyber security attacks. Google has not taken a position one way or the other on CISPA, so it’s hard to tell which side it’s playing.

Getting down to specifics, Google spent $5.03 million on lobbying from January to March, which is a 240 percent increase over the $1.48 million it spent in the first quarter of 2011. That’s not much compared to the $10.6 billion in revenue it cleared in Q1 2012, but every bit helps in Washington. Google CEO Larry Page used that earnings call to announce a Google stock split, something else it could be lobbying about.

Facebook justifies its support for CISPA, a bad cyber security bill
http://venturebeat.com/2012/04/13/facebook-cispa/
Sat, 14 Apr 2012 00:08:27 +0000

After lots of public outcry, Facebook has published a letter today explaining its support for controversial cyber-security legislation, the Cyber Intelligence Sharing and Protection Act, or CISPA (PDF).

CISPA intends to grant companies more leeway when it comes to collecting and sharing data about their consumers (or users, in the case of social networks) — specifically, data regarding security threats. Essentially, the bill’s goal is to enable companies to share this information with the government to help fight and prevent cyber security attacks. Currently, most businesses are hesitant to share such precious information with third parties for fear of violating antitrust laws. The bill has broad support from over 100 House co-sponsors from both sides of the aisle.

Critics of CISPA often incorrectly refer to it as a new version of international copyright infringement bill SOPA, which would have given the government the authority to shut down websites accused of internationally committing acts of piracy. But while CISPA only intends to thwart security threats, many believe it could end up paving the way for copyright holders to begin policing the net. Critics also point out that it promotes the idea of companies creating extensive user databases, intercepting or modifying communications under the guise of security, and blindly complying with government requests for private user information.

“We recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity,” wrote Facebook VP of Public Policy Joel Kaplan in the letter. “Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 [a.k.a. CISPA] in the first place — the additional information it would provide us about specific cyber threats to our systems and users.”

Facebook isn’t alone in its support of CISPA. Other companies that support the bill include AT&T, Microsoft, Verizon, IBM, Intel, and over 25 others.

“More than 845 million people trust Facebook with their information, and maintaining that trust is at the core of everything we do. Keeping the site secure to protect our users and their information requires a combination of technological innovations; around-the-clock coverage from our dedicated staff; and relationships within the broader security community.

A successful defense against bad actors also requires that we have timely information about cyber threats. One challenge we and other companies have had is in our ability to share information with each other about cyber attacks. When one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack. Similarly, if the government learns of an intrusion or other attack, the more it can share about that attack with private companies (and the faster it can share the information), the better the protection for users and our systems.

A number of bills being considered by Congress, including the Cyber Intelligence Sharing and Protection Act (HR 3523), would make it easier for Facebook and other companies to receive critical threat data from the U.S. government. Importantly, HR 3523 would impose no new obligations on us to share data with anyone – and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today.

That said, we recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place — the additional information it would provide us about specific cyber threats to our systems and users.

The overriding goal of any cybersecurity bill should be to protect the security of networks and private data, and we take any concerns about how legislation might negatively impact Internet users’ privacy seriously. As a result, we’ve been engaging directly with key lawmakers as well as industry and consumer groups about potential changes to the bill to help address privacy concerns.

The bill’s sponsors, House Intelligence Committee Chairman Mike Rogers and Ranking Member Dutch Ruppersberger, have stated publicly that they are working with privacy and civil liberties groups to address legitimate questions and concerns about how information might be shared with the government under the bill. They’ve made clear that the door is still open to change the bill before it comes to the House floor for consideration.

We hope that as Congress moves forward in considering this and any other cyber legislation, the result will be legislation that helps give companies like ours the tools we need to protect our systems and the security of our users’ information, while also providing those users confidence that adequate privacy safeguards are in place.